12.04.2025
Home > Crypto Crime > Crypto Wallets Targeted by Sophisticated Malware Campaign

Crypto Wallets Targeted by Sophisticated Malware Campaign

12.04.2025 19:00 2 min. read Alexander Stefanov
SHARE: SHARES
Crypto Wallets Targeted by Sophisticated Malware Campaign

Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting the crypto community.

This wave of cyberattacks uses a deceptive software supply chain to target popular Web3 wallets, including Atomic Wallet and Exodus, exploiting vulnerabilities in the npm package manager commonly used by JavaScript and Node.js developers.

The attack centers around a malicious package, pdf-to-office, which masquerades as a tool for converting PDF documents into Microsoft Office formats. However, once downloaded and executed, the package quietly inserts harmful code into the victim’s system, specifically altering locally installed versions of trusted crypto wallets like Atomic Wallet and Exodus.

This code then enables attackers to secretly intercept and reroute cryptocurrency transactions to wallets they control, all while the victim remains unaware.

READ MORE:

Experts Question Trump’s Tariff Move: Temporary Relief or Deeper Uncertainty?

What makes this attack particularly insidious is its subtlety. Rather than attacking open-source repositories directly, the attackers target existing, legitimate software installations by modifying them locally. This technique is harder to detect and more difficult to counter than traditional supply chain attacks that affect upstream code.

The malicious pdf-to-office package first appeared on npm in March 2025 and has been updated multiple times, with the latest version released in April. Using machine learning analysis, ReversingLabs researchers uncovered the malicious behavior, revealing that the package contained obfuscated JavaScript—an unmistakable sign of a malware campaign.

Even after users removed the malicious package, the damage persisted. The malicious patches remained in the Web3 wallet software, requiring victims to fully uninstall and reinstall their wallet applications to eliminate the trojan and restore security. This attack highlights the evolving nature of cyber threats in the crypto space, requiring heightened vigilance from both developers and users.

Telegram

SHARE: SHARES
Popular News
More Crypto Crime News

Australia Cracks Down on Almost 100 Crypto Companies Linked to Fraudulent Scams

Australia’s efforts to combat crypto-related fraud have intensified, with the country’s Securities and Investments Commission (ASIC) targeting 95 companies allegedly involved in deceptive schemes like pig butchering scams.

09.04.2025 20:00 2 min. read Alexander Stefanov

$20 Million AI Scam Uncovered in Spain: Criminal Network Exposed

Spanish police have busted a criminal network that used AI to run a global investment scam, arresting six individuals linked to the operation.

09.04.2025 14:00 2 min. read Alexander Stefanov

Bloomberg Strategist Predicts Bitcoin Crash to $10,000

Mike McGlone, a senior commodity strategist at Bloomberg, has stirred the crypto community with his latest prediction about Bitcoin’s future price movement.

07.04.2025 15:30 1 min. read Alexander Stefanov

US Treasury Sanctions Iran-Backed Rebel Network Over Crypto Transactions and Arms Supply

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced new sanctions targeting a financial network that supports the Houthis, a group backed by Iran that has been responsible for numerous attacks on vessels in the Red Sea and Gulf of Aden.

05.04.2025 15:00 2 min. read Alexander Stefanov
Popular News

Support CryptoDNES

QR for the Bitcoin/Ethereum Address:

QR for the Bitcoin/Ethereum Address:

No Comments yet!

Your Email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.